CVE-2018-8531

HIGH

Azure IoT Hub Device Client SDK - Memory Corruption

Title source: llm
STIX 2.1

Description

A remote code execution vulnerability exists in the way that Azure IoT Hub Device Client SDK using MQTT protocol accesses objects in memory, aka "Azure IoT Device Client SDK Memory Corruption Vulnerability." This affects Hub Device Client SDK, Azure IoT Edge.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/105472

Scores

CVSS v3 8.8
EPSS 0.1519
EPSS Percentile 96.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-787
Status published
Products (2)
microsoft/azure_internet_of_things_edge
microsoft/csharp_software_development_kit
Published Oct 10, 2018
Tracked Since Feb 18, 2026